No further updates will be made to this page, and accuracy is neither expected nor guaranteed. It is left in place solely for historical interest.

HTTP Network Sniffer

In the modern world there are very many applications which are vulnerable to network sniffing.

These include protocols such as Telnet, FTP, rsh, etc. All of these protocols have been around for a long time; before network sniffing was commonly known/used.

On the whole protocols have evolved in such a way that passwords aren't sent as plaintext any longer; SSH has replaced telnet, SCP has replaced FTP, and various other changes have been made - such as the introduction of APOP to avoid using plaintext passwords for POP3 connections.

This application is the start of a collection of tools for performing network audits of HTTP based services.

The Tool

The tool designed here is a driver application which contains a couple of simple plugins for capturing, decoding, and displaying some network logins. Currently FTP/POP3/HTTP Basic Realms and CVS logins are supported. More may arrive in the future.

Usage is pretty simple:

skx@hell:~$ httpcapture --help
httpcapture - 0.4 by Steve Kemp
Usage: httpcapture [ options ]
--debug Enable extra debugging output.
--force Don't exit if run by a non-root user.
--help Show this help
--interface ethN Set the interface to listen upon.
--list Show all installed plugins.
--path dir Set an alternate plugin directory.
--versionShow the version number of this application.

Download HTTPCapture

Download via the following link, run 'make install' to build and install the plugins in the correct location. (A simple 'make uninstall' will remove everything cleanly).

Future versions will contain more plugins, a stable plugin API, and real documentation.